nurhun
December 27, 2020, 7:41pm
1
Dears,
My wildcard certificate was working fine with subdomains, but suddenly newly created subdomains are not secured, it gives invalid certificate, however it works fine for previously created instances ?! Is there a limit on subdomains number, like ...
1.my-domain.com
2.my-domain.com
.
.
.
100000.my-domain.com
My domain is: pharmacistplace.com
I ran this command: wildcard
My web server is (include version): Apache2
The operating system my web server runs on is (include version): ubuntu 16.04
2 Likes
Hi @nurhun
checking your domain there is no real problem visible - https://check-your-website.server-daten.de/?q=pharmacistplace.com#ct-logs
Issuer | not before | not after | Domain names | LE-Duplicate | next LE
Let's Encrypt Authority X3 | 2020-11-20 | 2021-02-18
112233.pharmacistplace.com , 3182020.pharmacistplace.com , 92020.pharmacistplace.com , accountingtest.pharmacistplace.com , ahmedshokry.pharmacistplace.com , citypharmacy.pharmacistplace.com , demo101.pharmacistplace.com , demo102.pharmacistplace.com , demo103.pharmacistplace.com , demo104.pharmacistplace.com , demo105.pharmacistplace.com , demo106.pharmacistplace.com , demo107.pharmacistplace.com , demo108.pharmacistplace.com , demo109.pharmacistplace.com , demo110.pharmacistplace.com , demo201.pharmacistplace.com , demo202.pharmacistplace.com , demo203.pharmacistplace.com , demo204.pharmacistplace.com , demo205.pharmacistplace.com , demo206.pharmacistplace.com , demo207.pharmacistplace.com , demo208.pharmacistplace.com , demo209.pharmacistplace.com , demo210.pharmacistplace.com , dwaa.pharmacistplace.com , faragtest.pharmacistplace.com , final-test-r.pharmacistplace.com , homos2.pharmacistplace.com , ibnsina-demo.pharmacistplace.com , inventorytest.pharmacistplace.com , inventory-test-upload.pharmacistplace.com , m-salah.pharmacistplace.com , osama.atef.pharmacistplace.com , pharmacistplace.com , phms1.pharmacistplace.com , postest18-10-2020.pharmacistplace.com , r23.pharmacistplace.com , sales2.pharmacistplace.com , sdferdg.pharmacistplace.com , sdffhjytr.pharmacistplace.com , sdfsdghg.pharmacistplace.com , test.pharmacistplace.com , test2r.pharmacistplace.com , wevfgdfgetg.pharmacistplace.com 46 entries
Let's Encrypt Authority X3 | 2020-11-19 | 2021-02-17
112233.pharmacistplace.com , 3182020.pharmacistplace.com , 92020.pharmacistplace.com , accountingtest.pharmacistplace.com , ahmedshokry.pharmacistplace.com , citypharmacy.pharmacistplace.com , demo101.pharmacistplace.com , demo102.pharmacistplace.com , demo103.pharmacistplace.com , demo104.pharmacistplace.com , demo105.pharmacistplace.com , demo106.pharmacistplace.com , demo107.pharmacistplace.com , demo108.pharmacistplace.com , demo109.pharmacistplace.com , demo110.pharmacistplace.com , demo201.pharmacistplace.com , demo202.pharmacistplace.com , demo203.pharmacistplace.com , demo204.pharmacistplace.com , demo205.pharmacistplace.com , demo206.pharmacistplace.com , demo207.pharmacistplace.com , demo208.pharmacistplace.com , demo209.pharmacistplace.com , demo210.pharmacistplace.com , dwaa.pharmacistplace.com , faragtest.pharmacistplace.com , final-test-r.pharmacistplace.com , homos2.pharmacistplace.com , ibnsina-demo.pharmacistplace.com , inventorytest.pharmacistplace.com , inventory-test-upload.pharmacistplace.com , m-salah.pharmacistplace.com , osama.atef.pharmacistplace.com , pharmacistplace.com , phms1.pharmacistplace.com , postest18-10-2020.pharmacistplace.com , r23.pharmacistplace.com , sales2.pharmacistplace.com , sdferdg.pharmacistplace.com , sdffhjytr.pharmacistplace.com , sdfsdghg.pharmacistplace.com , test.pharmacistplace.com , test2r.pharmacistplace.com , wevfgdfgetg.pharmacistplace.com 46 entries
Let's Encrypt Authority X3 | 2020-08-30 | 2020-11-28 | *.pharmacistplace.com, pharmacistplace.com (2 entries)
Let's Encrypt Authority X3 | 2020-08-30 | 2020-11-28 | *.pharmacistplace.com, pharmacistplace.com (2 entries)
Two older certificates with 46 domain names. There is a 100 names limit, so that's not a problem.
TXT entries are good.
Your exact command and error message is required.
3 Likes
Osiris
December 27, 2020, 7:54pm
3
nurhun:
My wildcard certificate was working fine with subdomains, but suddenly newly created subdomains are not secured, it gives invalid certificate, however it works fine for previously created instances ?! Is there a limit on subdomains number
A wildcard certificate does have a few technical limits, but within those limits, there are no limits to how many label variants the certificate is valid for. Here are the technical constraints:
- The wildcard is only valid for one DNS label. I.e., `*.example.com` is valid for `foo.example.com` but not for `bar.foo.example.com`, as the latter hostname has two labels on the position of the wildcard.
- The wildcard can only be the upmost left DNS label. I.e., `*.foo.example.com` is fine, but `bar.*.example.com` is not.
4 Likes
nurhun
December 27, 2020, 11:18pm
4
Thanks ... but actually I'm using 1 label as a subdomain and the issue happened.
1 Like
nurhun
December 27, 2020, 11:19pm
5
Thank you for the detailed check .. could you check testing.pharmacistplace.com ? It's even not listed here ?
1 Like
griffin
December 27, 2020, 11:45pm
6
Welcome to the Let's Encrypt Community
Then you let that wildcard certificate expire a month ago...
5 Likes
Rip
December 28, 2020, 12:05am
7
the "testing" subdomain is not listed on the certificate being served currently.
you could --expand the certificate or go back to a VALID wildcard certificate.
Might be your best option if your subdomains are frequently changing.
5 Likes
danb35
December 28, 2020, 2:05am
8
Here's the cert you're serving:
As you can see, it isn't a wildcard. If you want a cert to act like a wildcard cert, it needs to be a wildcard cert.
10 Likes
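An added example (not part of any post in this thread, and not certbot or Let's Encrypt code): a small matcher for the wildcard rules Osiris describes, applied to the situation danb35 points out. The two name lists are constructed from names shown in this thread, and the function names are made up for illustration.

```python
# Added example: match a hostname against a certificate's DNS names using the
# wildcard rules quoted in this thread (one label only, leftmost label only).

def _labels(name):
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Return True if a single certificate name (SAN entry) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if "*" not in pattern:
        return p == h                      # plain name: exact match only
    # The wildcard must be the whole leftmost label and appear nowhere else.
    if p[0] != "*" or any("*" in label for label in p[1:]):
        return False
    # "*" stands for exactly one label, so both names need the same depth.
    return len(p) == len(h) and p[1:] == h[1:]

def covering_sans(sans, hostname):
    """List the certificate names that cover hostname (empty list = invalid)."""
    return [s for s in sans if san_matches(s, hostname)]

# Constructed sample: a few of the 46 explicit names from the newer certificate.
EXPLICIT_CERT = [
    "pharmacistplace.com",
    "test.pharmacistplace.com",
    "demo101.pharmacistplace.com",
    "osama.atef.pharmacistplace.com",
]
# Constructed sample: the names on the expired wildcard certificate.
WILDCARD_CERT = ["*.pharmacistplace.com", "pharmacistplace.com"]

def report(hostnames):
    """Map hostname -> (covered by explicit cert, covered by wildcard cert)."""
    return {
        host: (bool(covering_sans(EXPLICIT_CERT, host)),
               bool(covering_sans(WILDCARD_CERT, host)))
        for host in hostnames
    }

if __name__ == "__main__":
    hosts = ["testing.pharmacistplace.com",
             "osama.atef.pharmacistplace.com",
             "pharmacistplace.com"]
    for host, (explicit, wildcard) in report(hosts).items():
        print(f"{host:35} explicit={explicit!s:5} wildcard={wildcard}")
```

A newly created single-label subdomain is only covered when the served certificate carries the wildcard name, while a two-label name such as `osama.atef.pharmacistplace.com` is only covered when it is listed explicitly.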
The test tool is online, use it.
That's one reason I've created that tool: That other users can test their domain.
A "hidden tool" wouldn't be helpful.
3 Likes
nurhun
December 30, 2020, 9:33pm
10
That's exactly what happened. When it expired a month ago, I ran only "certbot --apache"; I only reinstalled the main domain, not the wildcard !!
Now I'm trying to get a wildcard cert using the command below, but it's not working. Any ideas ?!
```
certbot -d pharmacistplace.com -d *.pharmacistplace.com --preferred-challenges=dns --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
None of the preferred challenges are supported by the selected plugin
```
2 Likes
You can't use dns validation with Apache.
Your Apache doesn't know something about your dns configuration.
Wildcard -> dns validation -> no webserver validation.
Read
When you get a certificate from Let’s Encrypt, our servers validate that you control the domain names in that certificate using “challenges,” as defined by the ACME standard. Most of the time, this validation is handled automatically by your ACME...
3 Likes
nurhun
December 30, 2020, 10:13pm
12
Then, I have to verify it manually ?!
certbot certonly --manual ?
2 Likes
If your dns provider doesn't have a supported API, yes.
Check acme.sh, there are more APIs supported.
3 Likes
nurhun
January 3, 2021, 10:22am
14
Solved manually, thanks.
Now for the 100 subdomain limit, is there any way to expand this limit, even paid ?!
2 Likes